func GetIamUsers(r *iam.GetGroupOutput) []string {
for _, user := range r.Users {
users = append(users, *user.UserName)
}
log.Debug(fmt.Sprintf("Got a list of Iam Users %v", users))
return users
}
// Sync all users and keys onto the coreos host this is the primary function
func (l *awsUser) Sync() error {
usr, err := user.Lookup(l.iamUser)
if err != nil {
if err := l.addUser(); err != nil {
log.Debug("Failed on calling addUser")
return err
}
} else {
l.localUser = usr
}
if err := l.DoKeys(); err != nil {
log.Debug("Failed on calling DoKeys")
return err
}
return nil
}
func getUserKey(user string, svc *iam.IAM, k []*iam.SSHPublicKeyMetadata) ([]string, error) {
encoding := "SSH"
publicKeys := []string{}
for _, key := range k {
kresp, err := svc.GetSSHPublicKey(&iam.GetSSHPublicKeyInput{
Encoding: aws.String(encoding),
SSHPublicKeyId: key.SSHPublicKeyId,
UserName: aws.String(user),
})
log.Debug(fmt.Sprintf("Called AWS GetSSHPublicKey: user %v for %v using encoding %v", user, key.SSHPublicKeyId, encoding))
if err != nil {
return publicKeys, err
}
if *kresp.SSHPublicKey.Status == "Active" {
log.Debug(fmt.Sprintf("Got active key from AWS %v", *kresp.SSHPublicKey.SSHPublicKeyBody))
publicKeys = append(publicKeys, *kresp.SSHPublicKey.SSHPublicKeyBody)
}
}
return publicKeys, nil
}
// Clean up any users that are no longer suppose to be on the box
func (u *UserList) Cleanup() error {
delUsers := GetArrayDiff(u.AwsUsers, u.LocalUsers)
for _, usr := range delUsers {
if stringInSlice(usr, u.IgnoredUsers) {
log.Debug(fmt.Sprintf("User %v is in ignored users %v not deleting", usr, u.IgnoredUsers))
continue
}
if err := RemoveUser(usr); err != nil {
return err
}
}
return nil
}
func GetAllUsers() ([]string, error) {
passwd := "/etc/passwd"
fpasswd, err := os.Open(passwd)
if err != nil {
return nil, err
}
defer fpasswd.Close()
var users []string
scanner := bufio.NewScanner(fpasswd)
for scanner.Scan() {
users = append(users, strings.Split(scanner.Text(), ":")[0])
}
log.Debug(fmt.Sprintf("Got a list of local users: %v", users))
return users, scanner.Err()
}
// Get the keys of user if there are any locally if not then add keys from iam.
// if there are keys for the user then find out if there are more local keys than there are in iam in which case
// set it to replace the keys
func (l *awsUser) DoKeys() error {
keyPath := authKeysFilePath(l.localUser)
keys, _ := l.getKeys(keyPath)
writekeys := true
if keys != nil {
if len(keys) == len(l.Keys) {
if len(GetArrayDiff(keys, l.Keys)) == 0 {
writekeys = false
log.Debug("No new keys found, nothing to do")
}
} else {
keys = l.Keys
}
} else {
keys = l.Keys
}
if writekeys == true {
if err := Keys(l.localUser, keyPath, keys); err != nil {
return err
}
log.Debug(fmt.Sprintf("Adding keys %v for %v", keys, l.localUser.Username))
}
return nil
}
// Set the key in the structure for the user fetched from iam or delete user from
// structure if the user hasn't set a key
func (u userMap) setKey(svc *iam.IAM) error {
for user, struc := range u {
keys, err := sync_iam.GetKeys(user, svc)
if err != nil {
log.Error(fmt.Sprintf("Error occurred getting keys: %v", err))
return err
}
if len(keys) == 0 {
log.Debug(fmt.Sprintf("No active keys for %v. Not adding user [get them to add their key]", user))
delete(u, user)
} else {
struc.keys = keys
}
}
return nil
}
// Check if there is the authorized keys file if it is then return all the keys from it
func (l *awsUser) getKeys(keyPath string) ([]string, error) {
if _, err := os.Stat(keyPath); os.IsNotExist(err) {
return nil, err
} else {
kfile, err := os.Open(keyPath)
if err != nil {
return nil, err
}
defer kfile.Close()
var keys []string
scanner := bufio.NewScanner(kfile)
for scanner.Scan() {
keys = append(keys, scanner.Text())
}
log.Debug(fmt.Sprintf("Current keys on host for %v : %v", keyPath, keys))
return keys, scanner.Err()
}
}
// Loop through the keys and call add key to add key to the box
func Keys(l *user.User, kp string, ks []string) error {
f, err := os.Create(kp)
defer f.Close()
if err != nil {
return err
log.Error(fmt.Sprintf("Error creating %v", kp))
}
log.Debug(fmt.Sprintf("Created file %v writing keys %v", kp, ks))
w := bufio.NewWriter(f)
for _, k := range ks {
fmt.Fprintln(w, k)
log.Info(fmt.Sprintf("adding key %v", k[0:20]))
}
w.Flush()
if err := setPerms(l, kp); err != nil {
return err
}
return nil
}